On Tue, 12 Mar 2002, Andreas Raab wrote:

> > >  Whilst I'm well aware that it *may* be an isolated case,
> > > we may wish to plan how to 'harden' a Swiki against
> > > this kind of attack.  Not easy, as the usualtrade-off between
> > > freedom and security raises its head almost immediately.
> > 
> > If someone persistent comes along, you pretty much have to 
> > shut down, at least for a while. :(
> 
> I find this unlikely. Many more people actively watch the Swiki than
> would eventually deface it.

It is true that the Wiki's that I've seen that had to "seal themselves
off" for a while were mainly maintained by one or two folks.

VisualWorks Wikis have a nice feature, sort of a "revert to previous
version". We can kind of do that by copy and paste.

However, while a *bad* feature for general use, it seems an excellent
feature for an administrator

> Turns out that these attacks have been there
> in the past but considering the psychological implications (no coolness
> factor whatsoever) and the numbers (thousands to one) it seems to me
> that the best way to go about it is to just ignore it.

Well, a sort of complicated ignoring that involves paying a lot of
attention :)

> The defacement
> didn't stand for longer than a few hour and fortunately, Swikis do have
> a history so even the vandalism factor is exactly zero. If some dude
> really thinks he has to spent about twenty minutes in making stuff up
> and we can revert it in two seconds, then that's a tradeoff I can easily
> live with.

Sure, except it really is not all *that* hard to overwhelm even thousands,
and polluting the histories of pages can be a real drag.

I'm not saying that we're anywhere near this point yet, especially if the
"vandal" can be tracked down and noogied.

Cheers,
Bijan Parsia.